Metasploit
Metasploit Modules

Metasploit has six different types of modules:

payloads
exploits
post
nops
auxiliary
encoders

Payloads are the code that Metasploit delivers to, and runs on, the compromised system once an exploit succeeds. You will sometimes hear them loosely called listeners or shells (strictly, the listener is the handler on your side that waits for the payload to connect back); in Metasploit they are referred to as payloads. They include command shells, Meterpreter and others. Payloads come in several flavours: staged (a small stager is sent first and fetches the rest of the payload over the connection) and inline or single (self-contained), plus variants such as NoNX (works around the no-execute (NX/DEP) protection of modern CPUs), PassiveX (tunnels over HTTP through an ActiveX control to get past restrictive outbound firewall rules) and IPv6 versions, among others.

Exploits are the modules that take advantage of a vulnerability or flaw in a target service or application in order to run a payload. (The shellcode is the payload; the exploit is the code that gets it executed.) Exploits are operating system specific and often service pack (SP) specific, service specific, port specific and even application version specific. They are organised by platform, so a Windows exploit will not work against a Linux system and vice versa.

Post modules are run after exploitation, through an existing session on the compromised host, to gather credentials, escalate privileges, pivot to other machines and so on.

Nops is short for No OPeration. On x86 CPUs the NOP instruction is encoded as the single byte 0x90 and simply means "do nothing". NOP modules generate runs of such instructions (a "NOP sled") that are placed in front of a payload so that a jump whose exact landing address is uncertain still slides into the payload; this can be crucial in a buffer overflow exploit. We can view the nops modules by using the show command:

msf > show nops

Auxiliary is the catch-all category for modules that don't fit anywhere else (695 of them at the time of writing). These include fuzzers, scanners, denial of service modules and more. Check out my article on auxiliary modules for more in-depth information on this module type.

Encoders transform a payload so that it avoids characters the target will not accept ("bad characters" such as null bytes or newlines) and so that its byte pattern changes, which can help get past AV and other security devices. Bear in mind that encoding alone is not reliable against modern AV, which can run the decoder stub in an emulator and inspect the result. We can see the encoders by typing:

msf > show encoders

As you can see, there are numerous encoders built into Metasploit.
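What an encoder actually does to the bytes, as an added example (this is illustrative Ruby written for this page, not Metasploit's own encoder code): an additive-feedback XOR encoder, which is the scheme the x86 shikata_ga_nai encoder is built on, together with the bad-character check an encoder must pass before the payload can be delivered. The sample payload, the choice of 0x90 as padding and the random key search are assumptions of the example; the real module also emits a polymorphic x86 decoder stub in front of the encoded bytes, which is omitted here, so the output is data to study rather than anything to execute.

```ruby
# Added example, not Metasploit's own code: an additive-feedback XOR encoder,
# the scheme that shikata_ga_nai is built on, plus the bad-character check an
# encoder must pass. The real module also emits a polymorphic x86 decoder
# stub in front of the encoded bytes; that stub is omitted here, so this
# output is data to study, not something to execute.

# Constructed stand-in for a payload. It deliberately contains bytes that
# many targets reject (0x00, 0x0a, 0x0d); it is not real shellcode.
SAMPLE_PAYLOAD = "\x31\xc0\x00\x00\xb0\x0b\x0d\x0a\xcd\x80".b

# Pad to a whole number of 4-byte little-endian dwords. NOP (0x90) bytes are
# used as padding here (an assumption; any filler the decoder ignores works).
def pad_dwords(data)
  data = data.b
  data + ("\x90".b * ((4 - data.bytesize % 4) % 4))
end

# Each dword is XORed with the running key, then the key advances by adding
# the plaintext dword (mod 2^32). The decoder performs the same two steps.
def xor_additive_encode(data, key)
  k = key & 0xffffffff
  pad_dwords(data).unpack("V*").map do |plain|
    enc = plain ^ k
    k = (k + plain) & 0xffffffff
    enc
  end.pack("V*")
end

def xor_additive_decode(data, key)
  k = key & 0xffffffff
  data.b.unpack("V*").map do |enc|
    plain = enc ^ k
    k = (k + plain) & 0xffffffff
    plain
  end.pack("V*")
end

# Try random keys until neither the encoded payload nor the key itself
# (which would be embedded in the decoder stub) contains a bad character.
# Returns [key, encoded] or nil. The seed makes the result reproducible.
def find_clean_key(data, badchars, attempts: 100_000, seed: 1)
  bad = badchars.b.bytes
  rng = Random.new(seed)
  attempts.times do
    key = rng.rand(1..0xffffffff)
    next unless ([key].pack("V").bytes & bad).empty?
    enc = xor_additive_encode(data, key)
    return [key, enc] if (enc.bytes & bad).empty?
  end
  nil
end

if __FILE__ == $0
  key, enc = find_clean_key(SAMPLE_PAYLOAD, "\x00\x0a\x0d")
  puts "key     : 0x%08x" % key
  puts "encoded : #{enc.unpack1('H*')}"
  puts "decoded : #{xor_additive_decode(enc, key).unpack1('H*')}"
end
```

Two things to notice: the key itself is checked against the bad-character list, because in a real encoder it is baked into the decoder stub and travels with the payload; and feedback means a single-byte change in the plaintext alters every encoded dword that follows it, which is why the same payload produces a different byte pattern on every run.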
One of my favorites is shikata_ga_nai, a polymorphic XOR additive-feedback encoder for x86 that helps make a payload harder for AV software and security devices to recognise by signature.

Searching

Ever since Metasploit 4 was released, msfconsole has had a built-in search command. Previously you had to pipe the output of msfcli through grep to find the modules you were looking for, but Rapid7 has since added the search keyword and its filters. The addition was timely: Metasploit has grown dramatically, and eyeballing the list or grepping it was inadequate for searching through more than a thousand exploits.

The search command does simple keyword matching, but it also allows us to be a bit more refined. For instance, we can restrict the type of module we are searching for with the type keyword:

msf > search type:exploit

When we do so, Metasploit comes back with all 1,295 exploits. Not very useful. If we know we want to attack a Sun Microsystems machine running Solaris (Sun's UNIX), we can narrow the search to Solaris exploits with the platform keyword:

msf > search type:exploit platform:solaris

Now we have narrowed the search down to only those exploits that target the Solaris operating system. To refine it further, let's assume we want to attack Solaris RPC (sunrpc) and only want to see exploits against that particular service. We add the bare keyword sunrpc to our search:

msf > search type:exploit platform:solaris sunrpc

As you can see, this narrows the results down to just five exploit modules! Type help search in msfconsole to see the other keywords available (cve, author, name and so on).
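To make the query syntax concrete, here is an added example (illustrative Ruby written for this page, not Metasploit's own search implementation) that parses queries of the form used above, key:value terms plus bare words, and runs them over a small constructed module index. The index entries are constructed samples in the style of Metasploit module paths, the supported keys are limited to type, platform and name, and substring matching is an assumption that is close to, but simpler than, what msfconsole does; the real search supports more keywords (see help search) and matches more fields.

```ruby
# Added example, not Metasploit's own code: a minimal model of msfconsole's
# search command, run over a constructed in-memory index. It implements the
# query syntax used above: key:value terms (type, platform, name here) and
# bare words, all of which must match, case-insensitively. Real Metasploit
# supports more keywords (see "help search") and matches against more fields.

# Constructed sample entries in the style of Metasploit module paths.
MODULE_INDEX = [
  { type: "exploit",   platform: "solaris", name: "exploit/solaris/sunrpc/sadmind_exec" },
  { type: "exploit",   platform: "solaris", name: "exploit/solaris/telnet/fuser" },
  { type: "exploit",   platform: "windows", name: "exploit/windows/smb/ms08_067_netapi" },
  { type: "auxiliary", platform: "solaris", name: "auxiliary/scanner/misc/sunrpc_portmapper" },
  { type: "payload",   platform: "linux",   name: "payload/linux/x86/shell_reverse_tcp" },
].freeze

KEYWORDS = %i[type platform name].freeze

# Split "type:exploit platform:solaris sunrpc" into keyword filters and bare
# words. A token with an unknown key (e.g. "foo:bar") is treated as a bare word.
def parse_query(query)
  parsed = { keywords: {}, words: [] }
  query.split.each do |token|
    key, value = token.split(":", 2)
    if value && !value.empty? && KEYWORDS.include?(key.downcase.to_sym)
      (parsed[:keywords][key.downcase.to_sym] ||= []) << value.downcase
    else
      parsed[:words] << token.downcase
    end
  end
  parsed
end

# Keyword filters match only the named field; bare words match any field.
# Every filter and every word must match (AND). Matching is substring-based,
# an assumption of this model. Repeating a key ("platform:solaris
# platform:linux") is treated as "either value" in this model.
def search_modules(index, query)
  q = parse_query(query)
  index.select do |mod|
    q[:keywords].all? { |field, values| values.any? { |v| mod[field].downcase.include?(v) } } &&
      q[:words].all? { |w| mod.values.any? { |f| f.downcase.include?(w) } }
  end
end

if __FILE__ == $0
  ["type:exploit", "type:exploit platform:solaris", "type:exploit platform:solaris sunrpc"].each do |query|
    puts "msf > search #{query}"
    search_modules(MODULE_INDEX, query).each { |m| puts "  #{m[:name]}" }
  end
end
```

Running it walks through the same three refinements as above: the type filter alone returns every exploit in the index, adding platform:solaris drops the Windows entry, and the bare word sunrpc keeps only the module whose path contains it. Note that a bare word also matches auxiliary modules unless a type filter is present, which is exactly why the type keyword is worth adding first.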